Community Research and Development Information Service - CORDIS


HEAT Report Summary

Project ID: 644209
Funded under: H2020-EU.2.1.1.

Periodic Reporting for period 1 - HEAT (Homomorphic Encryption Applications and Technology)

Reporting period: 2015-01-01 to 2016-06-30

Summary of the context and overall objectives of the project

Mission of HEAT: To develop advanced cryptographic technologies to process sensitive information in encrypted form with the aim of safeguarding the privacy and security of the citizens and organizations that provide the input data.

The HEAT project aims to:
• Develop Somewhat Homomorphic Encryption (SHE) into a practical technology, by focusing on efficiency and security aspects, and examining real world use-cases where it is currently potentially viable.
• Develop novel SHE algorithms optimized for various platforms;
• Perform an in-depth security analysis to select the best possible key sizes;
• Provide open source re-usable software libraries tailored to the different platforms
• Apply the developed technology to three use cases to evaluate the practicality of the proposed solutions.

Motivation: As the amount of information we store, process and share electronically continues to rise, so do the security and privacy concerns about this information. High profile cases, such as the recent Snowden revelations, have contributed significantly to the growing privacy awareness amongst companies and end users. Privacy concerns and corresponding legislation often result, rightfully so, in the slow adoption of new technologies or the cancellation altogether of projects that are unable to offer sufficient privacy guarantees. As such companies and users typically have to choose either privacy (by not using some service) or the extra functionalities such service provides.

The HEAT project will focus on developing technology that enables both privacy and functionality simultaneously resulting in new application areas and business models. The classical approach to securing information is simply to encrypt it. The resulting ciphertext not only is impossible to decipher (except for the legitimate key owner), but it is typically also impossible to process the underlying plaintext solely by manipulating the ciphertext. What is required for functional privacy applications are mechanisms that support computation on encrypted data. These mechanisms naturally bridge the fundamental divide between privacy restrictions on the one hand and functionalities on the other hand.

The HEAT project has following outcomes:
1. Open source toolbox for SHE algorithms in SW and HW: The main deliverable will be an open source toolbox which implements a variety of SHE algorithms in both software and hardware. The goal is to provide a toolbox which can be utilized by others to experiment with and investigate the application of SHE technology within as wide a range of applications as possible.
2. Security analysis and parameter recommendations: To better understand the hardness of the computational problems that underly SHE, HEAT will perform much needed cryptanalytic work. This will allow to better understand the long-term viability of this new form of encryption and to specify security parameters in a much more effective way than currently possible.
3. Focus on real world applications with immediate impact: To validate the practicality of the developed technology in a range of applications, we will use the toolbox in three use cases. As such, we will examine how SHE technology can transform the three problem spaces not only by providing new functionalities but also by opening up new business opportunities.
4. Enable knowledge transfer and exploitation: Cryptographic research, including research supported by the EU via projects such as ECRYPT, traditionally produces outputs that are primarily of academic interest. A strategic objective of the HEAT project is to enable knowledge transfer from such results into tools usable directly by non-expert software engineers.
5. Improve European competitiveness in homomorphic cryptography: By bringing together Europe’s leading experts in this emerging field, and by focusing on a proactive external engagement and training effort, we will spread excellence throughout Europe and ensure we do not get left behind in this emerging technology.

HEAT Technical approach:
The HEAT project envisages a 3 pronged research agenda to extend the range of practicality and applicability of SHE:
1. Three real world case studies, supplied by our industrial partners, and using this to inform practical demonstrators of the technology.
2. Extend the range of applicability by further research into SHE algorithms, focusing on efficiency and other methods to increase the size of the circuits which can be securely and practically evaluated.
3. Understand the underlying security of the resulting systems, most of which relate to hard problems for lattices. This third prong is likely to have further spin-offs in that the resulting mathematical results and tools will be able to be applied to other lattice based systems, which are the main contender for post-quantum cryptography at the present time.

The demonstrators that will be developed are of particular interest to our industrial partners: Smart Grids for NXP, automated crime detection for CRX, and satellite analysis for Thales UK.

All three prongs will be executed in three phases, distributed across six interlinked work packages. In the first phase requirements analysis and capture will be performed. This will be followed by a phase of mathematical analysis and the creation of test artefacts. The test artefacts will be used to validate the assumptions underlying the requirements and mathematical analysis. Finally, the test artefacts will be worked up into demonstrators and tools. To ensure an integrated approach, these three phases and three prongs are executed within four technical work packages (with an extra two non-technical work packages making a total of six work packages). The relationship between the work packages and our core aspects are described in Figure 1. Each prong will produce publicly available reports, software tools and/or artefacts.

Work performed from the beginning of the project to the end of the period covered by the report and main results achieved so far

The HEAT project started in January 2015 and is set to run for 36 months. During the first project phase, corresponding to the first half of the project, the main focus was on analysing and specifying three use cases (WP1), designing and optimizing schemes and performing an in depth security analysis (WP2) and starting to building up the open source software and hardware libraries (WP3). WP4 on demonstrators and integration only started at M12 and so far dealt with the specification of the demonstrators.

The project was launched successfully during the kick-off meeting in January in Leuven and this meeting established a sound basis for clear and efficient cooperation of the partners towards the research objectives. A public website, blog and Twitter account were set up for external communication and an internal communication infrastructure including SVN and mailing lists was put in place.

The progress achieved by all work packages is in line with the description of work and resulted in 8 deliverables that were produced on time. The work performed can be summarized as follows:

WP1 – Use case specification and requirement analysis
WP1 started at M01 and ran for 12 months. We have worked on the specification of three use-cases where somewhat homomorphic encryption can become an important differentiator. Below we give a description of each use-case and summarize the main results so far.

Satellite Use Case

This use case investigates the application of homomorphic encryption to the processing of data acquired by ground observation satellites. We have described three candidate signal processing algorithms and have assessed their suitability to homomorphic encryption. We found that the scenario where an end user owns the satellite payload (and trusts the satellite operator) while it does not trust the data processing facilities to be of most interest. We identified the Advanced Synthetic Aperture Radar (ASAR) payload processing as the more promising vehicle for the use of somewhat homomorphic encryption. Our assessment is that the most promising use case is that of protecting synthetic aperture radar data throughout all of the processing from the ground station up to the product released to the end user. The detailed findings and recommendations and further research challenges are described in Deliverable D1.1.

Smart Grid Use Case

This use case investigates how homomorphic encryption can alleviate consumer’s security and privacy concerns whenever a smart meter forwards meter readings to the smart grid. We identified three use-cases where homomorphic encryption help to protect the privacy of the user. In all three scenarios the user provides privacy sensitive data, detailed meter readings, to a service which not necessary requires such detailed per-user statistics to compute (or obtain) the desired information. These use-cases are load monitoring and forecasting, fraud detection, and billing. In the two first scenarios sophisticated and precise forecasting algorithms are required. We investigated the usage of artificial neural networks where the processed data is encrypted (using homomorphic encryption algorithms). It seems unrealistic that the training as well as the collection of data can be performed locally on the smart meter in the consumer home. Therefore we suggest that training of this data and the computation (and updating procedures) on this trained and encrypted data is a valuable solution which could be outsourced to one of the service users in the smart grid network. Investigating which input data should be used, besides the meter readings, and how many hidden layers are sufficient are forwarded as research directions for WP2. The technical details are outlined in deliverable D.1.2.

ADOC Use Case
Organized Crime is becoming increasingly diverse in its method, group structures and impact on society. Internet and mobile technologies have emerged as key facilitators for organized crime. Although electronic communications have made organized crime activities less visible to authorities targeting criminal assets, the increasing usage of the Internet and of mobile communications offers new opportunities to investigators to detect signals and to pre-empt organized crime activities. We present techniques using homomorphic encryption which enable data sharing (and therefore enable Automated detection of Crime (ADOC)) between EU countries, while respecting the strong EU legal constraints on privacy. We have investigated a concrete use-case that uses different core algorithms to detect organized crime on encrypted databases. Besides searching on encrypted databases, fully homomorphic encryption unlocks the possibility to search and compute over encrypted databases. This shows that our framework allows cross- border cooperation by privately querying encrypted databases. The technical details are outlined in deliverable D1.3.

WP2 – Scheme design and security analysis
WP2 started in M1 and will continue till the end of the project. During the first half of the project, we have designed a number of homomorphic encryption schemes that achieve a better security level than existing schemes, a better level of efficiency, and also a higher level of resistance against side-channel attacks. We have also introduced new theoretical tools to improve the design of FHE schemes, such as the Rényi divergence. We have also invented a new stream cipher that is compatible with existing fully homomorphic encryption schemes. Finally, we have expanded the set of cryptanalytic techniques for assessing the security of fully homomorphic encryption schemes. Namely we have broken a number of existing schemes published in the scientific literature, and we have introduced new cryptanalytic algorithms to better understand the computational assumptions underlying fully homomorphic encryption. Deliverable D2.1 provides a survey of the state of the art of SHE at the beginning of the HEAT project. Two SHE schemes included in D2.1 have been broken by the HEAT partners, thereby further reducing the number of viable SHE candidates.

WP3 – Open-Source Implementations of Homomorphic Encryption Libraries
WP3 started at M7 and will run till the end of the project. Its goal is to produce the main deliverable of the project, namely a software and hardware library of implementations of the known homomorphic encryption schemes which have been tuned for the design requirements from the three case studies.
The first major accomplishment has been to specify a common API for the HE software libraries developed by the HEAT partners. This API will allow the higher level applications, i.e. the use cases to be implemented once, but at the same time allow different libraries providing the basic SHE operations to be used transparently. These libraries provide the following basic functionalities: key generation, encryption, decryption, homomorphic addition, homomorphic multiplication, bootstrapping, and covers several data formats (bits, integers). Currently the HEAT project is working on three different libraries: FVNFLlib implementing the Fan-Vercauteren scheme, HeLib implementing the BGV scheme and SIDGHV implementing an integer based scheme.
The hardware implementations will be accessible through the same software API defined above. We currently have basic operations such as multiplication using FFT and decryption and encryption implemented on FPGA.

WP4 - Demonstrators and Integration
This work package started in M13, however, the first milestone is not until M20 and the first deliverable is not due until M22. Therefore, work is currently at the initial investigative stages with no significant results to report so far.
Work is currently ongoing in Task 4.1 to define the demonstrators for the 3 project Use Cases: Satellite; Smart Grid, Automated Detection of Organised Crime. These Use Cases were developed and analysed in D1.1, D1.2 and D1.3 respectively. Activity in Task 4.1 to date has focussed on refining these Use Cases into specific and detailed scenarios that could be demonstrated. The majority of this work has been establishing the details of the algorithms that would need to be implemented, and determining if and how these could be implemented using HE based on the details of the SHE schemes being identified in WP2 (as captured in D2.1 Survey of existing SHE schemes and cryptanalytic techniques (M6) and M2.2 Preliminary specification of new SHE schemes (M16)). Based on this selection of scenarios, the next step will be to define demonstration architectures for the three Use Cases and select the required components (Milestone M4.1 due month 20).

WP5 – Dissemination, Standardization, Publication, Exploitation and Training
As described in our dissemination plan the work in this work package aims to overcome the key obstacles to widespread deployment of homomorphic encryption. We target three stakeholder groups (the scientific community, commercial and industrial experts, and finally the general public).
In terms of external communication we have created a project web page, with both internal and external pages. There is a project SVN repository on which all documents are placed and edited. There is also a project blog and project twitter feed which is used to promote aspects of the project.
The main output in terms of dissemination is academic papers; and a number of academic papers have been published (see D5.2). The topics outlined range from implementation details for homomorphic encryption, cryptanalytic attacks on homomorphic schemes or related proposals, as well as more “spin-off” work in multi-linear maps (which are based on existing SHE schemes).
Standardization of homomorphic encryption has proceeded via the ISO standards body; on which a project member (Pascal Paillier) is the editor. Whilst this is currently only looking at singularly homomorphic systems, the ground work set by this ISO effort will form the basis of any standardization efforts following on from the existing project.
Two events have been held; one a training event on homomorphic encryption which was held in Paris in October in 2015, and scientific workshop, again in Paris, in July 2016.

WP6 – Project management
WP6 is responsible for the effective organization of the project. The main achievements are: organization of meetings (Kick-Off meeting, technical meetings, intermediate review meeting), organization of conference calls, monitoring of the work plan (management reporting), distributing financing, answering partner requests and acting as central contact point towards the EC.

Progress beyond the state of the art and expected potential impact (including the socio-economic impact and the wider societal implications of the project so far)

The progress beyond the state of the art is mainly driven by HEAT’s main goal, which is to develop Somewhat Homomorphic Encryption (SHE) into a practical technology, by focusing on efficiency and security aspects, and examining real world use-cases where it is currently potentially viable. For each aspect, we now summarize the progress beyond the state of the art.

Efficiency of SHE
To date several SHE schemes have appeared in the literature, all of which are completely general and were mostly designed with Fully Homomorphic Encryption (FHE) in mind. FHE schemes are notoriously inefficient, and by optimizing SHE schemes for specific applications, we intend to show its practicality. The HEAT project is the first to provide an extensive in depth comparison of the different schemes, and parameter recommendations for different types of applications.

Security analysis
Since SHE is a very recent invention, the practical security of the above mentioned systems is in general not well understood, so an in depth security analysis is required. In the HEAT project we have already shown that one of the most popular SHE schemes (due to its efficiency) is in fact not secure and therefore can no longer used. We have also analysed the practical hardness of several underlying mathematical problems that form the basis of the above cryptosystems. This is important to make an optimal parameter choice for each security level.

Open source libraries
One of the main outcomes of the HEAT project will be the open source implementations of a selected set of SHE schemes both in software and hardware. Currently we have already been working on three different libraries and have developed a general API that can be used by the higher level applications. To enable reuse all these libraries will be made available to the general public.

Real-world use cases
To illustrate the practicality of the developed technologies, we will demonstrate its use in three real world use cases. The use cases have not been attempted before due to their efficiency constraints. For the smart meter use case, we are developing technology that enables a much wider functionality to process encrypted meter data, compared to the current state of the art. In particular, it will be possible to run neural networks on encrypted data which can be used in forecasting and fraud detection. For the automated detection of crime we are currently developing tools and technology that allow encrypted databases to be aggregated and detection algorithms to be run. Finally, for the satellite use case, image processing algorithms are being developed that will enable analysis of encrypted images. None of these use cases has been tried before and each illustrates a specific use of SHE that will find applications in other areas than the ones originally developed for.
It is clear that computing on encrypted data, in this case enabled by using homomorphic encryption, constitutes a disruptive technology that will create a paradigm shift in how one can simultaneously secure data but still enable data processing. This in turn will generate new economic and technological opportunities for Europe. The potential impact of the technology developed during the HEAT project is summarized below:

New products, services and business models with higher level of security and privacy
New applications and business models in different domains such as cloud computing, e-health, e-government, social media and supply chains require computation on different types of security-critical data and demand for sophisticated functionality and security. Homomorphic cryptography offers the tantalising goal of being able to process sensitive information within such applications, without needing to compromise on the privacy and security of the citizens, and organizations, who provide the input data.

Built-in compliance with security and privacy regulation
Much of European privacy regulation is devoted to ensuring that citizen’s private data remains private; yet we have seen that many modern business models rely on being able to process citizen’s data, for example for targeted advertising purposes. This creates a tension between the business community on one hand, and the need of regulators on the other. This tension stifles business innovation, and hence wealth creation. By enabling a technological compromise which respects both sides’ legitimate interests we can ensure that European citizens can benefit from increased privacy, and increased wealth generation.

Increased user control of data privacy and trust relations
If users can be assured that their data will be encrypted, and remain encrypted, despite computation being carried out upon it, they are more likely to trust any service which requires them to hand over data. This is true of both commercial applications and governmental ones; where different European countries populace have different trust levels.

Increased privacy preserving information availability
Computing on encrypted data can increase availability of information which would normally be impossible due to privacy concerns and regulations. This allows data analysis algorithms to be run by a third party on data originating from different players or on sensitive data which normally would not be accessible due to privacy concerns. This opens up the possibility for new services and business models, as illustrated by all three HEAT use cases.

Related information

Record Number: 195143 / Last updated on: 2017-02-21
Follow us on: RSS Facebook Twitter YouTube Managed by the EU Publications Office Top